[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command

Danny Mayer mayer at ntp.org
Wed Aug 26 04:04:20 UTC 2009


Terje Mathisen wrote:
> Danny Mayer wrote:
>> Dave Hart wrote:
>>> On Mon, Aug 17, 2009 at 5:09 PM, Brian Utterback wrote:
>>>> Why can't it have a full or relative path? Is there a technical reason, or
>>>> is it a SMP (Simple Matter of Programming)? It seems like a strange
>>>> limitation.
>>> Definitely a SMP.  Since it is currently available to anyone without
>>> authentication, restricting to a single directory seemed wise.  Once
>>> it requires authentication, both the pathname and the
>>> non-existent-target restrictions can be removed as far as I know.
>> No. This is extremely dangerous. Paths need to restricted otherwise it
>> is a potential attack vector allowing people to overwrite the password
> 
> I agree.
> 
>> file, boot file, or anything else, particularly if ntpd is running as
>> root. Even within a root jail you are asking for trouble. The best
>> solution is to configure a write directory within the configuration file
>> and not allow that directory to be changed remotely.
> 
> No, the 'best solution' is to return the configuration to the machine 
> doing the query, just like monlist and other long response queries.
> 

It is certainly safer but even so the option needs to be disabled by
default and require authentication before allowing the option to be
used. Also not everyone will want to be able to do this and certainly
don't want others doing this.

Danny
> Terje
> 




More information about the hackers mailing list